Electronic Health Records for All: A Concerned Response
Germany’s electronic patient record system, or ePA, is set to launch on January 15, 2025, for all insured citizens. The BMG ministry claims the digital system will facilitate the exchange and use of health data, and support targeted healthcare.
Just before the launch, Die Zeit interviewed Alena Buyx, a Bertelsmann curator, who expressed enthusiasm for the ePA. She argued that the benefits of the system outweigh the risks of data leaks, citing the example of companies hiring hackers to find and fix vulnerabilities before a software is released.
However, the Chaos Computer Club (CCC) had previously discovered significant security flaws in the ePA system, warning of a “grave risk” and calling for an end to the experiment. The CCC demonstrated how easily they could access and manipulate patient data, including health insurance cards and medical records.
Buyx downplayed the concerns, stating that the CCC’s findings were a valuable service, as they highlighted important issues. She also mentioned that it’s common for companies to hire hackers to test their systems, implying that the BMG’s lack of action in this regard is not unusual.
The BMG’s main representative, Karl Lauterbach, dismissed the CCC’s findings, stating that the system is secure and that the pilot phase will begin as planned, despite the security issues.
The ePA system raises concerns about data protection, as it is not clear how patient data will be safeguarded from hackers, insurance companies, or government agencies. Buyx acknowledged the risks, but emphasized that the benefits of the system outweigh the potential drawbacks.
The article concludes by expressing concerns about the ePA’s potential impact on individual freedoms and the manipulation of patient data. The launch of the ePA system is seen as a further step in the erosion of democracy, with Buyx and Lauterbach at the forefront of this effort.